﻿

# CodeIgniter4CMS


Salient Points:


## Licence


The CodeIgniter team make available Ci4 with a MIT licence , I'm quite happy to have anything I've added to inherit that licence;   
I’ve queried Richard Stallman on the matter who in an email reply suggested I just submit to fsf , so i've done that. 


I'm on Arch Linux where php is currently : PHP 8.0.9
Everything seems to work with CI4.1.3 and php 8 fine so far   :^)   The good news is that the core is up to date and if it works with php8 then the framework isn't going to get outdated any time soon! 


Getting  Started
-------------
--------------

Download the Zip to your Desktop. In order to reduce upload size the vendor directory was removed.  However its easy to put back using composer ; it depends on how you have composer set up . On Linux I just open a shell window i.e. xterm or equivalent, CD into the unzipped directory and type :
 
`composer install`

Never run composer with 'sudo' nor root permissions. If you do you will likely get a blank page! Now to run `composer  install`  you  need to have composer installed already , or if you don’t have it , install it. 

If your on Linux you can set up composer  by just downloading the composer.phar file then, 
from a terminal  do something like : 

`sudo chmod 777 composer.phar`

`sudo mv composer.phar   /usr/local/bin/composer`

that will put the executable file  into your /usr/local/bin which then  which then can be evoked  just using `composer`
For composer use see : https://getcomposer.org/

 Sass and Grunt
-----------------

Sass   has some advantages over css  see: https://sass-lang.com/guide

For one you can define a colour once,  and use that colour as a variable throughout the rest of the  in my case custom.sass
Grunt is a task runner and can do some  tedious tasks for you such as automatically converting sass to css.

I installed grunt globally on my linux box using :

`npm install -g grunt-cli`

If you want to use Grunt you will have to do the same.

I then using a shell windows CD'd into my CodeIgniter4CMS and typed:

`npm install grunt --save-dev`

Again you will have to run that .

After that since there is a package.json, in the web root to install stuff grunt uses for tasks just(with your terminal and context of location being being inside your web root i.e where package.json is )  run:
 
`npm install`

that will put back whats needed for Grunt to be able to use the Gruntfile.js  which is in the root of the unzipped directory
  

To fire up Ci4 from the same terminal window type `php spark serve` 

You should back on the terminal window get feedback development server started. 
Enter into the  address bar of your web browser of choice  type: http://localhost:8080 

Then you should get the landing page up .



Admin User Name and Password Setup 
---------------------------------------------
Now there is a little setting up to do , the system uses an sqlite3 database file and that needs populating with a admin user name 
and password. To to do that simply type /setUp at the url i.e full url is : http://localhost:8080/setUp 
Note the camel case with the U being a capital .The password will be automatically encrypted . 
If it works you will simply get "done”  returned .If you need to reset username and password , use sqlitebrowser to delete the entry in the admin table, of database Art .click on write changes re-run setUp again  

After that you need to go to app/config/ Routes.php and comment out lines 48 and 49 which are: 

`$routes->get('setUp','Setup::setUpForm');`

`$routes->post('setUpDo','Setup::process');`

that stops anyone else if they discover the url setting up .

You can then login going to http://localhost:8080/orange

You will probably think funny url ? well you want a weird url for login if possible so that its hard to guess. Its harder to hack a web site if hackers can find  your admin login page. Now you should see a simple captcha. 

Its my own simple login system. I have only allocated for one admin user; if I coded for more it would then involve coding to prevent
clashes of users editing the same code i.e a  locking of system. The CMS is really aimed at small business owners or bloggers looking for
an alternative to WordPress or php coders with little or knowledge of frameworks.


A quick point here; if you compare to WordPress where the login form can easily be accessed (trust me on this ) , user names 
easily obtained (trust me )  and WP has no captcha, then i suggest relatively speaking security is not bad here !  Login is under session with 5 attempts to further reduce risk from hackers.

if you want to change the url for the admin login page  edit line 105 of app/config/Routes.php :

`$routes→get('orange','Login::login');`

change ‘orange’ to something else 

PLEASE note there are some re-directs using whatever you change 'orange' to in the file app/Controllers/Login.php 
on lines 168 and 195 .So if you change /orange to something else in routes, reflect this on lines 168 and 195 in app/Controllers/Login.php 


These are evoked on a failure on login back to login form.


The other points are that the system has as its front end bootstrap, and it uses flexbox .
I have break points so its responsive to different device size windows. 

Before I forget; on the landing page, that has the carousel on the right is the latest Tweets; its my daughters tweet account. I’m not advertising;the point is you can replace that embed code with your own, so surfers can see a couple of your latest tweets. Lets hope you update more than my daughter . “is she bothered ?”  No 

Running Grunt
-------------------

Now when you ran “composer install”  that should have put twbs into vendor.
The twbs directory will be Bootstrap in the form of Sass. 

After editing either the bootstrap sass (not a good idea in my view) or the sass in the custom.scss (see image for location) run once :

`grunt do1`

`grunt do2`

`grunt do3`

That does the conversion of sass into css , concats 3 bootstrap css into one etc. Custom.css ,  by the way part overrides the bootstrap.css


One file which is referenced in the view layout.php brings it all together and is called “style.css” 
One you’ve run the 3 grunt as above run once :


`grunt watch`

After that any changes to custom.scss will be picked up and the processing done automatically. You might have to clear the browser cache as mentioned and also re-fresh browser! Feel free to edit Grunt.js so that the browser refreshes automatically  

Since I’ve run grunt and the Bootstrap.css are available if you don’t want to get involved with grunt or sass, then just directly edit Custom.css which is at  public/custom.css 




Regarding the contact form for people to get back to you,  from the web and the process of surfers input into the contact form, the way I used it was to use my google account name and password in Sendmail.php .

I did that via lines below  of app/controllers/sendmail.php

$mail->Username = "*@gmail.com";
//Password to use for SMTP authentication
$mail->Password = "*****";

Line 90 (marked out here for privacy is my google email) now I had google email arranged as a “two step” 

then  :
$mail->setFrom('admin@yourdomain', 'john Doe'); 
$mail->addAddress('emailAddressWhereMeesageShouldBeSent', 'John Doe');

here admin@yourdomain simply comes up in email message. For the section "emailAddressWhereMeesageShouldBeSent " what i did 
was use my yahoo email account email. So basically i used my google account email and google mail sever to send myself an email to my yahoo email account. you can use your domain email account if you want and simply your own email account to receive the message.


The bane of our lives  these days, are spammers, so before the input from a surfer gets sent to the email , defined in the controller Sendmail.php
a bit of spam checking is done. On my live testing I didn't actually get much spam ( maybe that was due to not much traffic ?) any way , the spam checking 
is done via a Controller called SpamChecker.php located app/Andy/SpamChecker.php 
If you open up that file you will see a small array such as 'http','www','//', 'viagra','


Obviously spammers want to send you a link to their clients web site, so the first 3 values in the array reflect that. Then I've added key words from the spam 
i received. if any of that is input into the message text box of the contact form, the surfer 
gets re-directed to a "your a spammer page" and the message is not sent. 

You can add your own key words as you see fit. 



Blog
------


I left an arbitrary blogs in the database, so you could play with how the edit or delete works. Have a look at the blog article there is some more info in the blog itself.

 Another small point at the bottom of each page you will see a link, saying download in pdf. Surfers who visit your blog, and you write something interesting will want to download it !
If you try that yourself it would go to your local download.

Now a quick point regarding running the web app from your desktop and having it served from say Apache. When fired up using spark, the download struggles  and doesn't really work. I've got it served from Apache local dev, and the download to pdf, in this case works fine.  

Edit of blogs
---------------

Now if you have done anything with html , you will know that some characters are best represented by their html entity for best rendering to how you want
then to look; databases also don't like certain characters. So here's the problem, when you do an edit of a blog enter characters without thinking it 
ould cause  glitch. I don't want that to happen, so when you click submit the system does some regular expression filtering. You also don't want the sytem to be a control freak either, or there might be no formating. So i've included tags that a permitted including &#60;p &#62; stuff here &#60;&#47;p&#62;  (start and end of paragraph) You can also safely directly type apostrophies int othe text box, they will be converted to html code representations 


Image Names In Blog and Gallery
------------------------------------

Don't use underscore(_)  in image names dash ( -) is ok because of the regex if there are odd characters in the name they will get removed 
then there will be an issue of the name stored in the database and its orginal name , which is used for moving into blog Images directory 


Views
-------


You might have come across Blade or twig on other systems. With CodeIgniter you can make use of "layouts" which is what i 've done.

 So if you want to have another page called say something.php then the view contents would look like:
 
 
 <?= $this->extend('layout') ?>
<?= $this->section('content') ?>
<div class ="flex2">
<div class ="content">

Page content of the view goes here 


</div>
</div>
<?= $this->endSection() ?>				

One the home page that comes up if you click on <img src="1.png" width ="120px" float ="left">
I have also added a bit more information of the views, that come up on clicking them, 
getting rid of them and getting rid of twitter feed and  carousel 

Database
----------

The reason why the system works and that you can see the arbitary blogs , is that it doesn't need 
MySQl to work. Instead i use sqlite3 database , which is "serverless" meaning it doesn't require a db server to work.
The database name is just "Art"  and is located in the writable directory. Make sure that the writable directory
has read & write permissions and so does the Art database file.

Sqlite db's sometimes are named with .db suffix. I found that with one datbase browser, nothing was visible until
i clicked to open "all files". A light and simple database browser and editor is called sqlitebrowser: https://sqlitebrowser.org/
It should be in your repository if your on Linux.

As a browser I use Firefox (hey they need all the help they can get) and had a little trouble with web caching. 
It kept serving me the same page; that was before I edited custom.scss.

Either you are going to have to keep clearing the web cache via history or try , typing “ about:config  “ into the address bar and disable web caching.


The system is written on top of CodeIgniter 4.1.3 and consists of a very light CMS system. if you look at the attached image , 
which once logged in is accessible from /orange

I.e full url i.e http://localhost:8080/orange 

the links take you to forms where administrative tasks can be done will be visible.
 if not logged in access the admin page http://localhost:8080/admin will come up as page not found. 
 You don't want web surfers getting access to the url , so its prevented using filters.


Moving to production
------------------------

This CMS is really aimed at aspiring coders maybe coming to a framework for the first time. Looking int othe code you can see
the basics of CRUD operations. Maybe you will be able to improve on  my code one day :^) 

Anyway I have had the system testing live for some time , so maybe not sophisticaed it does the good 

If you want to give it a go a few things need tweaking . At line 24 of app/Config/app.php I use the line :

`public $baseURL = 'http://localhost:8080/';`

Change  that to your domain(keep trailing slash at end /)  or if developing on Apache rather than using spark serve what ever url you have set to serve the app up. 
eg on my Apache I use 127.0.0.2  via  /etc/hosts and my virtual hosts set up to serve up landing page of web   

To get rid of debug toolbar at every bottom of page go to line 22 of index.php in public and change

`$_SERVER['CI_ENVIRONMENT'] = 'development';`

to : 

`$_SERVER['CI_ENVIRONMENT'] = 'production';`


CodeIgniter4 documentation is at : https://codeigniter4.github.io/userguide/

The CodeIniter forum is at : https://forum.codeigniter.com/portal.php



PS I apologise to anyone who previously downloaded when it was a chunky 90Mb , that was due to unseen junk in .files
I've removed it so its now more a reasonable download size

Slso i'm in the process of checking , adding things i've forgot , and tidying up , also checking things like inclusion of CSRF protection. Actually that should have been done in all the forms, but i will double check . so i will up date as I get the time. 
I've put authorship in the top of the controllers I wrote with my email if you have any burning questions

<a href="&#109;a&#105;l&#116;&#111;:&#97;&#110;&#100;&#121;&#98;&#114;&#111;&#111;&#107;&#101;&#115;&#116;&#97;&#114;&#64;&#103;&#109;&#97;&#105;&#108;&#46;&#99;&#111;&#109;">captain-sensible</a>

